If you are new to Computer Science please read our FAQ before posting. Your question might have already been answered!

Do not post questions such as "should I study computer science?", "how do I get an internship?", "what sort of job can I get after school?", etc... There have been too many of these threads; they bore the regulars and scare away experts. If you have a question like this, please consider posting on cscareerquestions or askcomputerscience.

In a reasonable amount of time. Any algorithm can be brute forced. I would consider an algorithm broken if you can make correlations significantly faster than brute-force. It all depends on the algorithm though. If you reduce the keyspace from 101000 to 10100, there is really no practical change.

Not any. A one time pad is provably secure. Given a ciphertext and a pad, you can't know whether the plaintext you get from combining the two is the original plaintext, or if the pad was constructed to produce a desired plaintext from the ciphertext. The only way you know that you're getting the right plaintext from a ciphertext is that you know you have the right pad.

Of course, this is impractical, as it's hard to generate large enough quantities of random data, and you have to share a pad the size of your plaintext or larger. But there is one algorithm that cannot be brute forced.

A one time pad is only provably secure with a truly random pad. If you use a PRNG with a specific seed, you introduced new risks. If an attacker knows you took this approach (and you should assume they do), they only need to brute force your seed. Once they find a seed that produces a meaningful plaintext when run through the PRNG and combined with your ciphertext, they can be pretty confident they found the right seed as the search space is too small to produce a lot of meaningful outcomes.

They might also be able to exploit weaknesses in your PRNG to reduce the search space of the key.

There can be various respects in which a cryptographic algorithm is broken. One you mentioned but there are a wide variety of attacks. The BREACH exploit is fairly recent and doesn't involve finding out hidden numbers or anything - just analysis of the ciphertext and a common server configuration setting [compression].